Comment by gnfargbl 18 hours ago

It's pretty standard for the infosec world; it attracts somewhat unusual personalities. This is why it's so important for larger companies to have clearly signposted responsible disclosure channels: if the channels are there, then people like Bob often will use them, even if there's no reward on offer.

> causing the friend to get fired, rightfully so

Given that the intent of the friend was to help improve McDonald's security, I'd have to disagree that the firing was rightful. However, it is something that probably 90%+ of multinationals would do in this situation.

smelendez 17 hours ago

> Given that the intent of the friend was to help improve McDonald's security, I'd have to disagree that the firing was rightful.

I’d be inclined to fire someone who shared their credentials with an outsider running an unauthorized security test or discussed unpatched vulnerabilities in detail with outsiders.

An employee poking around and finding stuff on their own and reporting it might be a different story, though the details would still matter a lot.

  • ycombinatrix 14 hours ago

    OP did not use their employee friend's credentials, they created their own account through the registration page.